CIBERPLANETA_
// threat_intelligence_dashboard

Dashboard de Amenazas

Vulnerabilidades activamente explotadas según el catálogo CISA KEV (Known Exploited Vulnerabilities)

¿Cómo se calcula el nivel de amenaza global?

El nivel de amenaza global mostrado en la barra de navegación se calcula en base al número de CVEs activamente explotados publicados en el catálogo CISA KEV (Known Exploited Vulnerabilities) durante las últimas horas:

  • 🟢 BAJA — 0 CVEs nuevos en el feed reciente
  • 🟡 MEDIA — 1 a 2 CVEs nuevos activamente explotados
  • 🟠 ALTA — 3 a 4 CVEs nuevos activamente explotados
  • 🔴 CRÍTICA — 5 o más CVEs nuevos activamente explotados

Fuente: CISA Known Exploited Vulnerabilities Catalog — actualizado cada hora.

16
CVEs añadidos este mes
1545
Total KEV catalogados
10
Vendors afectados

// cves_añadidos_este_mes

CVE Producto Criticidad Añadido
CVE-2025-66376 Synacor Zimbra Collaboration Suite (ZCS) ALTA 2026-03-18
CVE-2026-20963 Microsoft SharePoint ALTA 2026-03-18
CVE-2025-47813 Wing FTP Server Wing FTP Server MEDIA 2026-03-16
CVE-2026-3910 Google Chromium V8 ALTA 2026-03-13
CVE-2026-3909 Google Skia ALTA 2026-03-13
CVE-2025-68613 n8n n8n CRÍTICA 2026-03-11
CVE-2021-22054 Omnissa Workspace One UEM ALTA 2026-03-09
CVE-2025-26399 SolarWinds Web Help Desk CRÍTICA 2026-03-09
CVE-2026-1603 Ivanti Endpoint Manager (EPM) ALTA 2026-03-09
CVE-2017-7921 Hikvision Multiple Products CRÍTICA 2026-03-05

// top_vendors_afectados

Microsoft
15
Apple
6
Google
5
Cisco
4
Fortinet
4
Synacor
3
SolarWinds
3
Broadcom
3
SmarterTools
3
Gladinet
3

// catalogo_kev_completo

CVE ID Producto Descripción CVSS Añadido
CVE-2014-6271 GNU Bourne-Again Shell (Bash) GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, whic… CRÍTICA 2022-01-28
CVE-2014-7169 GNU Bourne-Again Shell (Bash) GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, whic… CRÍTICA 2022-01-28
CVE-2006-1547 Apache Struts 1 ActionForm in Apache Struts versions before 1.2.9 with BeanUtils 1.7 contains a vulnerability that allows for denial-of… ALTA 2022-01-21
CVE-2012-0391 Apache Struts 2 The ExceptionDelegator component in Apache Struts 2 before 2.2.3.1 contains an improper input validation vulnerability … CRÍTICA 2022-01-21
CVE-2018-8453 Microsoft Win32k Microsoft Windows Win32k contains a vulnerability that allows an attacker to escalate privileges. ALTA 2022-01-21
CVE-2021-35247 SolarWinds Serv-U SolarWinds Serv-U versions 15.2.5 and earlier contain an improper input validation vulnerability that allows attackers … MEDIA 2022-01-21
CVE-2021-32648 October CMS October CMS In affected versions of the october/system package an attacker can request an account password reset and then gain acce… ALTA 2022-01-18
CVE-2021-25296 Nagios Nagios XI Nagios XI contains a vulnerability which can lead to OS command injection on the Nagios XI server. ALTA 2022-01-18
CVE-2021-25297 Nagios Nagios XI Nagios XI contains a vulnerability which can lead to OS command injection on the Nagios XI server. ALTA 2022-01-18
CVE-2021-25298 Nagios Nagios XI Nagios XI contains a vulnerability which can lead to OS command injection on the Nagios XI server. ALTA 2022-01-18
CVE-2021-40870 Aviatrix Aviatrix Controller Unrestricted upload of a file with a dangerous type is possible, which allows an unauthenticated user to execute arbitr… CRÍTICA 2022-01-18
CVE-2021-33766 Microsoft Exchange Server Microsoft Exchange Server contains an information disclosure vulnerability which can allow an unauthenticated attacker … ALTA 2022-01-18
CVE-2021-21975 VMware vRealize Operations Manager API Server Side Request Forgery (SSRF) in vRealize Operations Manager API prior to 8.4 may allow a malicious actor with net… ALTA 2022-01-18
CVE-2021-21315 Npm package System Information Library for Node.JS In this vulnerability, an attacker can send a malicious payload that will exploit the name parameter. After successful … ALTA 2022-01-18
CVE-2021-22991 F5 BIG-IP Traffic Management Microkernel The Traffic Management Microkernel of BIG-IP ASM Risk Engine has a buffer overflow vulnerability, leading to a bypassin… CRÍTICA 2022-01-18
CVE-2020-14864 Oracle Intelligence Enterprise Edition Path traversal vulnerability, where an attacker can target the preview FilePath parameter of the getPreviewImage functi… ALTA 2022-01-18
CVE-2020-13671 Drupal Drupal core Improper sanitization in the extension file names is present in Drupal core. ALTA 2022-01-18
CVE-2020-11978 Apache Airflow A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow. ALTA 2022-01-18
CVE-2020-13927 Apache Airflow's Experimental API The previous default setting for Airflow's Experimental API was to allow all API requests without authentication. CRÍTICA 2022-01-18
CVE-2021-22017 VMware vCenter Server Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization. MEDIA 2022-01-10
CVE-2021-36260 Hikvision Security cameras web server A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation. CRÍTICA 2022-01-10
CVE-2020-6572 Google Chrome Media Google Chrome Media contains a use-after-free vulnerability that allows a remote attacker to execute code via a crafted… ALTA 2022-01-10
CVE-2019-1458 Microsoft Win32k A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in me… ALTA 2022-01-10
CVE-2013-3900 Microsoft WinVerifyTrust function A remote code execution vulnerability exists in the way that the WinVerifyTrust function handles Windows Authenticode s… MEDIA 2022-01-10
CVE-2019-2725 Oracle WebLogic Server Injection vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services… CRÍTICA 2022-01-10
← Anterior Página 49 / 62 (1545 CVEs total) Siguiente →
[INFO] CVE-2026-20963: Vulnerabilidad Crítica en Microsoft SharePoint Explotada Activamente  ·  [INFO] La OFAC sanciona a una red de trabajadores de TI de la RPDC que financia programas de armas de destrucción masiva mediante falsos ...  ·  [INFO] CVE-2025-66376: Vulnerabilidad XSS en Synacor Zimbra Collaboration Suite  ·  [INFO] El ransomware Interlock aprovecha el CVE-2026-20131 de día cero de Cisco FMC para acceder a la raíz...  ·  [INFO] Nueve fallos críticos de KVM IP permiten el acceso root no autenticado en cuatro proveedores...  ·  [INFO] CVE-2026-20963: Vulnerabilidad Crítica en Microsoft SharePoint Explotada Activamente  ·  [INFO] La OFAC sanciona a una red de trabajadores de TI de la RPDC que financia programas de armas de destrucción masiva mediante falsos ...  ·  [INFO] CVE-2025-66376: Vulnerabilidad XSS en Synacor Zimbra Collaboration Suite  ·  [INFO] El ransomware Interlock aprovecha el CVE-2026-20131 de día cero de Cisco FMC para acceder a la raíz...  ·  [INFO] Nueve fallos críticos de KVM IP permiten el acceso root no autenticado en cuatro proveedores...  ·